Posted
by
samzenpuson Monday July 11, 2011 @11:07AM
from the got-to-tap-them-all dept.

DMandPenfold writes "Police are questioning whether a change in News International's email retention policy was part of an effort to conceal widespread phone hacking by the News of the World, a scandal which is threatening Rupert Murdoch's planned takeover of BSkyB. The trawl for emails and the questioning of changes in News International's email retention policy has important implications for IT security and corporate governance professionals, and is likely to see organizations examining their own policies and reminding their staff on acceptable usage and best practice for email."

is likely to see organizations examining their own policies and reminding their staff on acceptable usage and best practice for email

It'd be pretty sad if the lesson people take from the News Corp fiasco is: man, their IT staff should've really been more on the ball about making sure no evidence of the crimes they committed was accidentally retained.

It'd be pretty sad if the lesson people take from the News Corp fiasco is: man, their IT staff should've really been more on the ball about making sure no evidence of the crimes they committed was accidentally retained.

It's been an open secret for well over a decade now that email retention policies are purely legal dodges. There is no other reason to automatically delete such massive stores of institutional memory except for the possible legal threat they may pose. It isn't like email storage requirements are a practical limitation - any company with terabytes of email is going to have an IT budget so large that those costs will be lost in the noise.

And, while I don't have a link at hand, I recall a case a couple years ago where the government was pursuing charges that a large corp's email retention practices were a deliberate form of destruction of evidence - despite all of the lawyerly sign-offs and standardised corporate practices verbiage. I wish I did have a link because I'd like to know how that case turned out.

Talk like that is going to result in the lawyers requiring all emails to be hidef videos with 5.1 sound, no more plain text. Keep quiet lest a lawyer hear us, unless you look forward to supporting that kind of a monstrosity...

hidef video with 5.1 surround sound with only a picture of an text only email (with some robotic overlord reading said email, in order to have some content in the audio) would compress quite nicely. You can drop the keyframe frequency to 0, as long as you have a key frame in the beginning.

It's been an open secret for well over a decade now that email retention policies are purely legal dodges. There is no other reason to automatically delete such massive stores of institutional memory except for the possible legal threat they may pose

Not true.

Emails often contain personal information, at the very least contact information, and keeping such information indefiintely risks breaching data protection laws in various jurisdictions.

Stiff sanctions have been awarded against parties who fail to meet their production obligations and criminal prosecutions are possible for deliberate attempts to interfere with federal investigations or administrative proceedings. (7)

Maybe you aren't aware that corporations also destroy physical dead tree documents, religiously. Papers are retained for as long as the law requires, then they are destroyed. Electronic documents of a similar nature should be dealt with in the same manner. There is no reason to archive stuff for decades, just because you consider the cost to be trivial.

The more records being retained, the more records are available to be stolen, whether they be stolen by industrial espionage agents, the courts, or whoeve

I'm quite aware. Just like I'm aware that librarians regularly cull their collections of dead tree books. But electronic documents are not the same as dead trees and treating them as such is to ignore everything that makes them superior. You can't grep dead trees and they take up serious amounts of physical space. Neither is the case with old email.

There is no reason to archive stuff for decades, just because you consider the cost to be trivial.

There is no reason NOT to archive stuff for decades precisely because all of the costs except for legal liability for wrong doing are trivial.

It's been an open secret for well over a decade now that email retention policies are purely legal dodges. There is no other reason to automatically delete such massive stores of institutional memory except for the possible legal threat they may pose. It isn't like email storage requirements are a practical limitation - any company with terabytes of email is going to have an IT budget so large that those costs will be lost in the noise.

You'd be surprised.

Data storage on one single desktop-class SATA disk is very cheap, you're right there.

Data storage on a SAS disk is about three to six times the cost - that's before you factor in storage losses through RAID.

If you want really fast access to data, it's common to buy lots of smaller drives and spread the data across more spindles. This increases your cost per gigabyte quite a bit further because smaller disks are never very cost-effecient.

In my techie opinion, strong-encrypted tarballs uploaded to something like Amazon S3 or iCloud would be a very safe way to go for indefinite storage. They take care of the redundancy, all you have to do is pay your bill. It's as close as you can get to free, too.

Yes, but according to the Guardian who have been doggedly pursuing this story, there was an external company involved, Essential Computing, who were the ones who blew the whistle and recovered the incriminating messages. In other news, it sounds like the Bangalore operation they outsourced most of their IT to have had no problems disappearing vast amounts of information.

It'd be pretty sad if the lesson people take from the News Corp fiasco is: man, their IT staff should've really been more on the ball about making sure no evidence of the crimes they committed was accidentally retained.

But that is the lesson that is being taken.

I wonder if other people more generally are also taking the lesson that you can't give anyone's phone number to anyone else for any reason without the first person's explicit permission. (That applies to mobile and landline numbers, and any other nu

And a lot of it too. Everyone can smell it and the revelations are only in their infancy. I always thought Murdoch was a blight on the news industry and a poster child for the evils of media consolidation but this scandal shocks even me. This is mafia-level shit.

Oh, pfft, Murdoch could eat an orphan live on Sky 1, and he'd still be feted and fawned over come the next general election. Keeping that harridan Rebekah Brooks on-board is a clear F-U to the peons (in which I include such non-entities as mere Prime Ministers).

It's getting actually downright scary. Apparently there's evidence that a member of the Queen's security team was taking bribes for information on the doings and whereabouts of members of the Royal Family. Let's keep in mind here that the Queen is the head of state of the UK and fifteen other Commonwealth Realms, and this is a massive breach of security.

Imagine for a moment what would be happening right now to any newsroom that had managed to penetrate the Secret Service and was gaining information on the President's whereabouts, or that of his wife and children. The Secret Service would be tearing the newsroom to pieces, reporters and editors, Christ, even the bloody janitors and the guy that flips the water bottles, would be sweating it out under a bright light bulb in front of guys in suits and sunglasses.

Anybody with even a passing familiarity with the British constitutional system knows that the Queen is not powerless. That the Sovereign rarely if ever uses her powers does not make her powerless. The last UK election showed just how extensive the Regal powers can be.

In the case where there is no clear winner of a general election, the British Sovereign (and their Vice-regal representatives in the other Commonwealth Realms) can decide who forms a government. Since the previous government no longer is in a position to advise the Sovereign on who forms a new government, other than the Sovereign's advisers, this is entirely up to the Sovereign.

Beyond that, the Sovereign still holds wide reserve powers. Under normal circumstances these are only used on the advice of the G

Keeping that harridan Rebekah Brooks on-board is a clear F-U to the peons (in which I include such non-entities as mere Prime Ministers).

Maybe.

I'd pretty much assumed that she was just being kept ready as the scape goat of choice when things get really bad (and we don't know how much there is yet to come). "Oh, we don't want to lose Rebekah, we have complete confidence in Rebekah, no absolutely we won't fire Rebekah... well, okay, you win, Rebekah has been escorted out of the building - a big triumph for the will of the public. Massive embarassement for us but you beat us. Now let's move on."

No, that's pretty standard fare for a scandal. Pick your scapegoat, support them until the point when supporting them is no longer possible and then get them to fall on their sword.

The chief difference in this case is that Brooks is a good pal of David Cameron's, which means her downfall may be the last straw for him. He's already bleeding like crazy over Andy Coulson's being charged. There are legitimate questions as to how much more damage Cameron can accrue before his own position becomes untenable.

Hacker: Don't tell me about the press, I know exactly who reads the papers: the Daily Mirror is read by people who think they run the country; the Guardian is read by people who think they ought to run the country; the Times is read by people who actually do run the country; the Daily Mail is read by the wives of the people who run the country; the Financial Times is read by people who own the country; the Morning Star is read by people who think the country ought to be run by another country; and the The Daily Telegraph is read by people who think it is.

Sir Humphrey: Prime Minister, what about the people who read The Sun?

Bernard: Sun readers don't care who runs the country, as long as she's got big tits.

Just in: "Former prime minister Gordon Brown had his phone hacked and bank account breached by The Sunday Times, another British newspaper owned by Rupert Murdoch's media empire"....god know what darker things will come out the woodwork.

Can we finish locking the News of the World staff in their headquarters and burning it to the ground, along with anybody found to have aided or abetted them(given that their contacts with the Met and right up to the PM are well known, this probably includes a few people in addition to their shady PIs...) and get on to an important matter:

Why are phones, particularly the VM box that is more or less an automatic part of today's cell phone, so damn vulnerable? The Telcoes seem to have no trouble tracking our activities in great detail if those activities are something for which we can be billed, and they also seem eminently willing to cooperate with law enforcement. Why, then, do I have absolutely no way of knowing when, and from where, my VM box was called into, and why would the VM box of a phone that is subject to police investigation be accessible from the outside at all?

I certainly wouldn't mind seeing a bunch of tabloid flacks roasted in their own slime; but if voicemail hacking and phone intercepts by random PIs are that easy, we have a problem that needs to be solved by better security, not just crushing malefactors after the fact...

I know VM is not very secure, but what I don't understand is why everyone is not screaming about this being a hacking crime. If an individual does this they want to throw the book at them and lock them up for years.

Just because it is a newspaper out to make money does not entitle them to escape criminal charges. They should be out there pressing charges and fining Murdoch for this behavior.

Oh, I would certainly view the pressing of serious criminal charges against as many of them as possible with the greatest pleasure. I'm just not entirely optimistic that a media empire as influential as Murdoch's will be attacked as strongly as it ought to be, and definitely sure that if a major newspaper got away with hacking high-profile phones without being noticed, much less stopped, for a period of years, Joe Blow doesn't have a chance in hell if somebody with the cash for a PI takes an interest in him

Why are phones, particularly the VM box that is more or less an automatic part of today's cell phone, so damn vulnerable?

All they did is access voicemail accounts which had the default PIN i.e. 1234 or whatever. Nothing clever. Once they had the mobile numbers, they just dialed in from another phone, access VM and entered the PIN. Simples.

There is many stories about what they actually did, but there is a suggestion that it is only a four digit pin, so they manually brute forced it. Yes it is tedious but the $$$ rewards made it worth it.

Remember they where making payments totaling hundreds of thousands of pounds to corrupt police officers.

or they could have done it with CLI spoofing, as when you call up from your own phone by default the vm system will not require a pin, so if you use a CLI spoofing service you can get it with no pin.
http://en.wikipedia.org/wiki/Caller_ID_spoofing [wikipedia.org]

It's kind of clever, actually. I can only speak for my provider (Bell Mobility Canada) but it only asks for your PIN if you are calling from an outside line. And (apparently, I've never tried) it tells if it's an outside line by caller ID, not some tower signal voodoo. So even if you change from the default password, you can still be hacked if your provider works that way. (Bell doesn't for landline VM, it prompts even from your own line). But on the other hand, I think the default voicemail password

Why are phones, particularly the VM box that is more or less an automatic part of today's cell phone, so damn vulnerable?

In most cases, because the users are stupid. In some cases, because the telco is stupid.

The majority of the time, the user will have a stupidly weak password like 1234, 123456, 111111, etc. I do VoIP for a living and one of the platforms I support, Broadworks, can not block a user from having a password like 123456. 111111 is banned, but easy sequences can't be yet. Due to this, I have on average 3-5 cases a month of people getting their accounts hacked and someone trying to forward calls to some other

>The majority of the time, the user will have a stupidly weak password like 1234, 123456, 111111, etc. I do VoIP for a living and one of the platforms I support, Broadworks, can not block a user from having a password like 123456. 111111 is banned, but easy sequences can't be yet.

The next time you go to the ATM take a look at the number pad, where people put in their PINs.

IN NOVEMBER 2005, three senior aides to Britain’s royal family noticed odd things happening on their mobile phones. Messages they had never listened to were somehow appearing in their mailboxes as if heard and saved. Equally peculiar were stories that began appearing about Prince William in one of the country’s biggest tabloids, News of the World.

As Scotland Yard tracked Goodman and Mulcaire, the two men hacked into Prince Harry’s mobile-phone messages. On April 9, 2006, Goodman produced a follow-up article in News of the World about the apparent distress of Prince Harry’s girlfriend over the matter. Headlined “Chelsy Tears Strip Off Harry!” the piece quoted, verbatim, a voice mail Prince Harry had received from his brother teasing him about his predicament.

The palace was in an uproar, especially when it suspected that the two men were also listening to the voice mail of Prince William, the second in line to the throne

The ones in charge, Rupert Murdoch and Rebekah Brooks, have known about this for years and approved of it. They are the ones who should be charged, not the pianists, i.e. the reporters. They did what they were told to do.

I don't think that's particularly fair. How would the readers know that the Newspaper was breaking the law to get it's stories? And, of course, if you're going that way what about the advertisers who paid the News of the World to commit the crimes and entice the readers? After all, the readers are mere witnesses, the advertisers aided and abetted the crimes by providing the money for them...

No, the responsibility for the crimes lies with the people who did them, and the people who ordered them done.

Sure, I'm not suggesting the NOTW shouldn't be held responsible. But it just seems a little hypocritical for tabloid readers to spend years avidly reading the kind of intrusive stories described by the OP, only to then turn round and act horrified when they discover they were created using dodgy practices.

The morning news were saying that the way some laws are written that they will have to do the time, even if proven that they had nothing to do with it. At one point or another someone was tired of watching scapegoats being lead to the slaughter while the people on top were immune. It looks like a few of these laws that may have been broken do hold those in charge at the very top responsible for all the actions of their underlings. They were showing Murdoch's son superimposed behind bars all morning long.

The Younger Murdoch may be facing serious charges in the US over the bribing of British police officers (and now, we learn, even a member of the Queen's security staff). There's some suggestion that the only reason Rebekah Brooks hasn't been forced to fall on her sword yet is to try to deflect the lightning from James Murdoch, but that won't preserve him if the DoJ decides to go after him over bribery of foreign officials.

Criminal liability of directors etc.(1)Where an offence under any provision of this Act other than a provision of Part III is committed by a body corporate and is proved to have been committed with the consent or connivance of, or to be attributable to any neglect on the part of—(a)a director, manager, secretary or other similar officer of the body corporate, or(b)any person who was purporting to act in any such capacity,he (as well as the body cor

Can I ask someone in the US to get the Feds on to this? News International's staff are alleged to have bribed UK Police, which is a federal crime under your Foreign Corrupt Practices Act. Please get it investigated, and get New International prosecuted for perverting justice.

There is a chance the inverse could happen here and it will be quietly kept downplayed.

The most adamant, in the US, "The devil made them do it and the devil is technology!" new POV tend to gravitate under or near Murdoch. This is like spending years calling people witches for having warts, strange feline familiars of dark coloring and reports of flying around on a broom. Then one day having it discovered you have a black cat, a well saddle attached broom and industrial strength war remover in your bathro

A person gets caught doing this to a corporation, and 9 times out of 10 they end up in Federal 'Pound Me In The Ass' Prison with a fine so large it'll take years to pay back.

But if a corporation does it to a person...well, maybe they'll get a strongly worded email or something, or an unflattering article in a major newspaper (but not too unflattering, don't want to get sued for defamation or anything!)

...and people wonder why nobody trusts big business or the government anymore...

Actually, the private eye who actually did the crime is in jail already.

And who was he working for again? Oh, right, I'm sure they had no idea how he was getting the information he was passing along to them. And now that there is evidence that they were actively courting other people to break the law and hack into other voice mail 10 year ago, we're supposed to believe that it's just some big coincidence and that the corporation had no idea what he was doing?

Come on. They were obviously commissioning people to break the law on their behalf. If an individual did this, they w

The narrative is wrong here. Journalists are heroes, not villains. They are the hardworking people who ask the hard questions and bring the news to a grateful, if ignorant, public. You see, people will make the correct decisions if informed correctly by the Fourth Estate. I can think of no better standard-bearer for this zeitgeist (widely shared among journalists - get a few drinks in one and ask her) than the quote below:

"CBS News has a culture, has a history that for those of us who work here, is very

Deleting voicemails off of a murder victims voicemail inbox, that they had hacked, and then leading her family to believe that she was still alive and deleting her voicemails not only makes you a villain, you makes you fucking scum, evil and a blight on the face of the earth. Months ago an ex News of the World Journalist claimed on British TV that this sort of thing was going on, and had been for sometime, he claimed he had done nothing wrong in his quest for the truth and I stated at the time, where do we

In journalism, the line is supposed to be where the information no longer serves the public good. Journalists have long crossed the line of legality (ie. publishing Wikileaks details), but there has been the justification that the information was in the public interest. But hacking into the voice mail of a missing girl cannot in any way be presented as furthering the public interest. It's a repugnant form of tom-peepery, with no other purpose than to scoop some lurid details and be the first to press wit

Nobody is arguing against journalists using subterfuge in public interest cases.The NotW famously caught Jeffrey Archer admitting to perjury which led to his conviction.

That doesn't mean it's OK to hack into the voicemail of the Chancellor of the Exchequer and then run a story about his baby daughter dying of Cystic Fibrosis just because that's what you happen to find.

If Wikileaks was accused of going after Dick Cheney or George W. Bush's email and telephone records there would be overwhelming support for the actions. But News Corp asshats did it so it's a bad thing.

This is so ridiculous. The NotW does have a proud history of investigative journalism, the most famous example being Jeffrey Archer. The editor at the time ended up resigning over that though as Murdoch didn't want his papers going after Torys. In any case, that was a clear case of public interest.

The same argument can be made about Wikileaks. Leaking things that could embarrass the government in order to expose hypocrisy or lies is fine. Digging up dirt on someone just because they happen to be on TV and h

"The leak exposed massive corruption by Daniel Arap Moi, and the Kenyan people sat up and took notice. In the ensuing elections, in which corruption became a major issue, violence swept the country. "1,300 people were eventually killed, and 350,000 were displaced. That was a result of our

Wait a second, you're seriously arguing that it would have been better for the Kenyan people to not know about the corruption? That the fixing of an election and the ensuing violence was Wikileaks fault?

Wikileaks didn't kill those people, cabinet ministers in the Kenyan government planned and promoted the violence in order to crush the opposition! Sure, if the opposition hadn't found out about the corruption there would have been no reason to kill them. If you want to follow that logic though, we should just burn all newspapers and do whatever the people in power tell us to do.

If News Corp was accused of going after Dick Cheney or George W. Bush's email and telephone records, few people would be complaining. It's the target, not the perpetrator that's important. This is an old scandal, it's been known for years that they were hacking celebrity voice mails. What turned the story into an albatross was the revelation that they were hacking the voice mail of the victims and their families. Celebrities are famous, they give up some privacy for that fame. However, when you target

Perhaps you should try reading what the News Corp asshats have been up to. Hacking the Queen's voicemail was pretty tame compared to all the other stuff. Plus the Queen didn't lead us into an illegal war with lies about WMDs that has cost hundreds of thousands of lives. If someone hacked into Bush's voicemail and found incriminating evidence about that then I'm not quite sure what would be more in the public interest to be honest.

I'm sure they'd love to say it's just how tabloid journalism in the UK works but that's not the case. One quick look into Fox News and you find them doing all sorts of questionable things like photo manipulation, wikipedia edits and being in bed with Bush. http://en.wikipedia.org/wiki/Fox_News_Channel_controversies [wikipedia.org]

I would guess there is a whole load more we haven't found out about. I believe this guy thrives on this sort of scum. I hope someone has enough balls to stop his bskyb bid and I hope more peopl

Because he's one step ahead. The whole newspaper industry was at it, without a doubt. He's created a precedent about what happens to newspaper that get caught with their pants down and you can bet revelations will soon emerge about other people's rags.

The current theory is more along the lines that Murdoch's minions have the dirt on a number of senior politicians of both major parties, which is why even the previous Labour government was fairly subservient. There are anecdotal stories that N.I. journalists and representatives have, at various times threatened politicians with some sort of exposure, or at very least with an organized campaign against them in N.I. publications. The growing body of evidence that Gordon Brown, for instance, was targeted as

Remind me who was in power when we first started to hear about the hacking scandal. Remind me what they did about it. Remind me what the outcome of the first two investigations, er, I mean whitewashes was.

Oh yeah, the answer to all of the above is 'Labour'. Now, remind me of a scene with the Labour MPs booing and hissing in parliament over this EXACT SAME THING when they were in power. Oh, that's right - there isn't one. They only started to get a bit fro

This may be the case. Like there is not only one rapist, child abuser, murderer, thief and kingpin. But to ME that does not mean that the prosecution of those bastards should stop. It's bad enough the government is far to excessive in their invasion of the private lifes of people who are no criminals because there might (!) be a case somewhere. But a news corporation that invades the privacy of other people just because their completely legal activities might be news is despicable. The only place for such "

All tabloid newspapers in the UK are implicated in this hacking scandal; it's only a matter of time before dirt is found on the other tabloids.

No broadcasters are likely to be implicated though, as the broadcaster regulator OFCOM has statutory powers investigate and make broadcasters issue corrections. If any TV news journalist had tried to use evidence gained through hacking or bribery it would quickly have become apparent in any ensuing investigation.